'Jeep owners urged to update their cars after hackers take remote control' diff viewer (1/2)

This article is from the source 'guardian' and was first published or seen on July 21, 2015 14:48 (UTC). It last changed over 40 days ago and won't be checked again for changes.

You can find the current article at its original source at http://www.theguardian.com/technology/2015/jul/21/jeep-owners-urged-update-car-software-hackers-remote-control

The article has changed 3 times. There is an RSS feed of changes available.

Previous version 1 2 Next version

Previous version 1 2 Next version

Version 1	Version 2
Jeep owners urged to update their cars after hackers take remote control	Jeep owners urged to update their cars after hackers take remote control
2015-07-21 16:05:18 UTC	2015-07-22 08:45:18 UTC (about 17 hours later)
Security experts are urging owners of Fiat Chrysler Automobiles vehicles to update their onboard software after hackers took control of a Jeep over the internet and disabled the engine and brakes and crashed it into a ditch.	Security experts are urging owners of Fiat Chrysler Automobiles vehicles to update their onboard software after hackers took control of a Jeep over the internet and disabled the engine and brakes and crashed it into a ditch.
A security hole in FCA’s Uconnect internet-enabled software allows hackers to remotely access the car’s systems and take control. Unlike some other cyberattacks on cars where only the entertainment system is vulnerable, the Uconnect hack affects driving systems from the GPS and windscreen wipers to the steering, brakes and engine control.	A security hole in FCA’s Uconnect internet-enabled software allows hackers to remotely access the car’s systems and take control. Unlike some other cyberattacks on cars where only the entertainment system is vulnerable, the Uconnect hack affects driving systems from the GPS and windscreen wipers to the steering, brakes and engine control.
The Uconnect system is installed in hundreds of thousands of cars made by the FCA group since late 2013 and allows owners to remotely start the car, unlock doors and flash the headlights using an app.	The Uconnect system is installed in hundreds of thousands of cars made by the FCA group since late 2013 and allows owners to remotely start the car, unlock doors and flash the headlights using an app.
Related: Most cars are vulnerable to 'hacking or privacy intrusions' – report	Related: Most cars are vulnerable to 'hacking or privacy intrusions' – report
The hack was demonstrated by Charlie Miller and Chris Valasek, two security researchers who previous demonstrated attacks on a Toyota Prius and a Ford Escape. Using a laptop and a mobile phone on the Sprint network, they took control of a Jeep Cherokee while Wired reporter Andy Greenberg was driving, demonstrating their ability to control it and eventually forcing it into a ditch.	The hack was demonstrated by Charlie Miller and Chris Valasek, two security researchers who previous demonstrated attacks on a Toyota Prius and a Ford Escape. Using a laptop and a mobile phone on the Sprint network, they took control of a Jeep Cherokee while Wired reporter Andy Greenberg was driving, demonstrating their ability to control it and eventually forcing it into a ditch.
Unlike the majority of hacking attempts on cars, the vulnerability within the Uconnect system allows cybercriminals to take control of the car remotely, without the need to make physical contact with the car.	Unlike the majority of hacking attempts on cars, the vulnerability within the Uconnect system allows cybercriminals to take control of the car remotely, without the need to make physical contact with the car.
The security researchers notified Fiat Chrysler nine months ago, allowing the car manufacturer to release a security update to fix the problem, which it did on 16 July.	The security researchers notified Fiat Chrysler nine months ago, allowing the car manufacturer to release a security update to fix the problem, which it did on 16 July.
However the update requires users to manually update their cars by visiting the manufacturer’s site, downloading a programme on to a flash drive and inserting it into the car’s USB socket. FCA dealers can update the car for owners, but the company is apparently unable to automatically update the cars over the internet.	However the update requires users to manually update their cars by visiting the manufacturer’s site, downloading a programme on to a flash drive and inserting it into the car’s USB socket. FCA dealers can update the car for owners, but the company is apparently unable to automatically update the cars over the internet.
“This update might not sound particularly important, but trust me, if you can, you really should install this one,” Miller said on Twitter.	“This update might not sound particularly important, but trust me, if you can, you really should install this one,” Miller said on Twitter.
Related: Driverless cars could face threat from hackers trying to cause road chaos	Related: Driverless cars could face threat from hackers trying to cause road chaos
Independent security expert Graham Cluley added: “Note that the researchers believe that, although they’ve only tested it out on Jeeps, the attacks could be tweaked to work on any Chrysler car with a vulnerable Uconnect head unit.”	Independent security expert Graham Cluley added: “Note that the researchers believe that, although they’ve only tested it out on Jeeps, the attacks could be tweaked to work on any Chrysler car with a vulnerable Uconnect head unit.”
“You should consider installing a security update that Jeep has issued for cars fitted with a model RA3 or model RA4 radio/navigation system.”	“You should consider installing a security update that Jeep has issued for cars fitted with a model RA3 or model RA4 radio/navigation system.”
It is unclear whether the vulnerability within the Uconnect system is confined to US cars, or certain models.	It is unclear whether the vulnerability within the Uconnect system is confined to US cars, or certain models.
~~FCA is ~~yet~~ to ~~respond~~ to a ~~request~~ ~~for~~ ~~comment.~~~~	A FCA spokesperson said on Wednesday: “Under no circumstances does FCA condone or believe it’s appropriate to disclose ‘how-to information’ that would potentially encourage, or help enable hackers to gain unauthorized and unlawful access to vehicle systems.”
	“FCA released a software update that offers customers improved vehicle electronic security and communications system enhancements. The Company monitors and tests the information systems of all of its products to identify and eliminate vulnerabilities in the ordinary course of business. Customers can either download and install this particular update themselves or, if preferred, their dealer can complete this one-time update at no cost to customers.”